|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #40915 addcslashes has unexpected behavior with binary input / string terminator
Submitted: 2007-03-26 06:06 UTC Modified: 2007-03-26 10:28 UTC
From: trevor at corevx dot com Assigned: tony2001 (profile)
Status: Closed Package: Strings related
PHP Version: 5.2.1 OS: Solaris / OS X
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: trevor at corevx dot com
New email:
PHP Version: OS:


 [2007-03-26 06:06 UTC] trevor at corevx dot com
When the input to addcslashes contains a NULL character (string terminator, \000) the resulting output is terminated at that point if the NULL character is not deliberately escaped.  

This makes it impossible to use addcslashes for certain special cases with binary data.  If fixed it would be a much more powerful tool.

Reproduce code:
# Last pair demonstrates issue

$str = "a\000z";

echo $str;                                # => az
strlen( $str );                           # => 3

addslashes( $str );                       # => a\0z
strlen( addslashes( $str ) );             # => 4

addcslashes( $str, "\000z" );             # => a\000\z
strlen( addcslashes( $str, "\000z" ) );   # => 7

addcslashes( $str, "z" );                 # => a
strlen( addcslashes( $str, "z" ) );       # => 1

Expected result:
echo addcslashes( $str, "z" );            # => a\z
strlen( addcslashes( $str, "z" ) );       # => 4


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2007-03-26 10:28 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Nov 30 17:01:30 2023 UTC